Zyxel firewalls are under active cyberattack after a critical security vulnerability was disclosed last week that could allow unauthenticated, remote arbitrary code execution. The bug (CVE-2022-30525, CVSS 9.8) was silently patched in April, but no public disclosure was made until last Thursday, May 12, when Rapid7 released a technical report on the issue. It also…